mirror of
https://github.com/project-zot/zot.git
synced 2025-02-03 23:09:41 -05:00
ba6f347d8d
Which could be imported independently. See more details: 1. "zotregistry.io/zot/pkg/test/common" - currently used as tcommon "zotregistry.io/zot/pkg/test/common" - inside pkg/test test "zotregistry.io/zot/pkg/test/common" - in tests . "zotregistry.io/zot/pkg/test/common" - in tests Decouple zb from code in test/pkg in order to keep the size small. 2. "zotregistry.io/zot/pkg/test/image-utils" - curently used as . "zotregistry.io/zot/pkg/test/image-utils" 3. "zotregistry.io/zot/pkg/test/deprecated" - curently used as "zotregistry.io/zot/pkg/test/deprecated" This one will bre replaced gradually by image-utils in the future. 4. "zotregistry.io/zot/pkg/test/signature" - (cosign + notation) use as "zotregistry.io/zot/pkg/test/signature" 5. "zotregistry.io/zot/pkg/test/auth" - (bearer + oidc) curently used as authutils "zotregistry.io/zot/pkg/test/auth" 6. "zotregistry.io/zot/pkg/test/oci-utils" - curently used as ociutils "zotregistry.io/zot/pkg/test/oci-utils" Some unused functions were removed, some were replaced, and in a few cases specific funtions were moved to the files they were used in. Added an interface for the StoreController, this reduces the number of imports of the entire image store, decreasing binary size for tests. If the zb code was still coupled with pkg/test, this would have reflected in zb size. Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
228 lines
6.8 KiB
Go
228 lines
6.8 KiB
Go
//go:build search
|
|
// +build search
|
|
|
|
package client
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
"gopkg.in/resty.v1"
|
|
|
|
"zotregistry.io/zot/pkg/api"
|
|
"zotregistry.io/zot/pkg/api/config"
|
|
"zotregistry.io/zot/pkg/api/constants"
|
|
extConf "zotregistry.io/zot/pkg/extensions/config"
|
|
test "zotregistry.io/zot/pkg/test/common"
|
|
)
|
|
|
|
const (
|
|
BaseURL1 = "http://127.0.0.1:8088"
|
|
BaseSecureURL1 = "https://127.0.0.1:8088"
|
|
HOST1 = "127.0.0.1:8088"
|
|
SecurePort1 = "8088"
|
|
BaseURL2 = "http://127.0.0.1:8089"
|
|
BaseSecureURL2 = "https://127.0.0.1:8089"
|
|
SecurePort2 = "8089"
|
|
BaseURL3 = "http://127.0.0.1:8090"
|
|
BaseSecureURL3 = "https://127.0.0.1:8090"
|
|
SecurePort3 = "8090"
|
|
username = "test"
|
|
passphrase = "test"
|
|
ServerCert = "../../../test/data/server.cert"
|
|
ServerKey = "../../../test/data/server.key"
|
|
CACert = "../../../test/data/ca.crt"
|
|
sourceCertsDir = "../../../test/data"
|
|
certsDir1 = "/.config/containers/certs.d/127.0.0.1:8088/"
|
|
)
|
|
|
|
func TestTLSWithAuth(t *testing.T) {
|
|
Convey("Make a new controller", t, func() {
|
|
caCert, err := os.ReadFile(CACert)
|
|
So(err, ShouldBeNil)
|
|
caCertPool := x509.NewCertPool()
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
|
|
defer func() { resty.SetTLSClientConfig(nil) }()
|
|
conf := config.New()
|
|
conf.HTTP.Port = SecurePort1
|
|
htpasswdPath := test.MakeHtpasswdFile()
|
|
defer os.Remove(htpasswdPath)
|
|
|
|
conf.HTTP.Auth = &config.AuthConfig{
|
|
HTPasswd: config.AuthHTPasswd{
|
|
Path: htpasswdPath,
|
|
},
|
|
}
|
|
|
|
conf.HTTP.TLS = &config.TLSConfig{
|
|
Cert: ServerCert,
|
|
Key: ServerKey,
|
|
CACert: CACert,
|
|
}
|
|
|
|
enable := true
|
|
conf.Extensions = &extConf.ExtensionConfig{
|
|
Search: &extConf.SearchConfig{BaseConfig: extConf.BaseConfig{Enable: &enable}},
|
|
}
|
|
|
|
ctlr := api.NewController(conf)
|
|
ctlr.Config.Storage.RootDirectory = t.TempDir()
|
|
cm := test.NewControllerManager(ctlr)
|
|
cm.StartAndWait(conf.HTTP.Port)
|
|
defer cm.StopServer()
|
|
|
|
Convey("Test with htpassw auth", func() {
|
|
configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
|
|
defer os.Remove(configPath)
|
|
|
|
home := os.Getenv("HOME")
|
|
destCertsDir := filepath.Join(home, certsDir1)
|
|
err := test.CopyTestKeysAndCerts(destCertsDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
defer os.RemoveAll(destCertsDir)
|
|
|
|
args := []string{"name", "dummyImageName", "--url", HOST1}
|
|
imageCmd := NewImageCommand(new(searchService))
|
|
imageBuff := bytes.NewBufferString("")
|
|
imageCmd.SetOut(imageBuff)
|
|
imageCmd.SetErr(imageBuff)
|
|
imageCmd.SetArgs(args)
|
|
err = imageCmd.Execute()
|
|
So(err, ShouldNotBeNil)
|
|
So(imageBuff.String(), ShouldContainSubstring, "scheme not provided")
|
|
|
|
args = []string{"list", "--config", "imagetest"}
|
|
configPath = makeConfigFile(
|
|
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
|
|
BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
|
|
defer os.Remove(configPath)
|
|
imageCmd = NewImageCommand(new(searchService))
|
|
imageBuff = bytes.NewBufferString("")
|
|
imageCmd.SetOut(imageBuff)
|
|
imageCmd.SetErr(imageBuff)
|
|
imageCmd.SetArgs(args)
|
|
err = imageCmd.Execute()
|
|
So(err, ShouldNotBeNil)
|
|
So(imageBuff.String(), ShouldContainSubstring, "check credentials")
|
|
|
|
user := fmt.Sprintf("%s:%s", username, passphrase)
|
|
args = []string{"-u", user, "--config", "imagetest"}
|
|
configPath = makeConfigFile(
|
|
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
|
|
BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
|
|
defer os.Remove(configPath)
|
|
imageCmd = NewImageCommand(new(searchService))
|
|
imageBuff = bytes.NewBufferString("")
|
|
imageCmd.SetOut(imageBuff)
|
|
imageCmd.SetErr(imageBuff)
|
|
imageCmd.SetArgs(args)
|
|
err = imageCmd.Execute()
|
|
So(err, ShouldBeNil)
|
|
})
|
|
})
|
|
}
|
|
|
|
func TestTLSWithoutAuth(t *testing.T) {
|
|
Convey("Home certs - Make a new controller", t, func() {
|
|
caCert, err := os.ReadFile(CACert)
|
|
So(err, ShouldBeNil)
|
|
caCertPool := x509.NewCertPool()
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
|
|
defer func() { resty.SetTLSClientConfig(nil) }()
|
|
conf := config.New()
|
|
conf.HTTP.Port = SecurePort1
|
|
conf.HTTP.TLS = &config.TLSConfig{
|
|
Cert: ServerCert,
|
|
Key: ServerKey,
|
|
CACert: CACert,
|
|
}
|
|
|
|
enable := true
|
|
conf.Extensions = &extConf.ExtensionConfig{
|
|
Search: &extConf.SearchConfig{BaseConfig: extConf.BaseConfig{Enable: &enable}},
|
|
}
|
|
|
|
ctlr := api.NewController(conf)
|
|
ctlr.Config.Storage.RootDirectory = t.TempDir()
|
|
cm := test.NewControllerManager(ctlr)
|
|
cm.StartAndWait(conf.HTTP.Port)
|
|
defer cm.StopServer()
|
|
|
|
Convey("Certs in user's home", func() {
|
|
configPath := makeConfigFile(
|
|
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
|
|
BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
|
|
defer os.Remove(configPath)
|
|
|
|
home := os.Getenv("HOME")
|
|
destCertsDir := filepath.Join(home, certsDir1)
|
|
|
|
err := test.CopyFiles(sourceCertsDir, destCertsDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
defer os.RemoveAll(destCertsDir)
|
|
|
|
args := []string{"list", "--config", "imagetest"}
|
|
imageCmd := NewImageCommand(new(searchService))
|
|
imageBuff := bytes.NewBufferString("")
|
|
imageCmd.SetOut(imageBuff)
|
|
imageCmd.SetErr(imageBuff)
|
|
imageCmd.SetArgs(args)
|
|
err = imageCmd.Execute()
|
|
So(err, ShouldBeNil)
|
|
})
|
|
})
|
|
}
|
|
|
|
func TestTLSBadCerts(t *testing.T) {
|
|
Convey("Make a new controller", t, func() {
|
|
caCert, err := os.ReadFile(CACert)
|
|
So(err, ShouldBeNil)
|
|
caCertPool := x509.NewCertPool()
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
|
|
defer func() { resty.SetTLSClientConfig(nil) }()
|
|
conf := config.New()
|
|
conf.HTTP.Port = SecurePort3
|
|
conf.HTTP.TLS = &config.TLSConfig{
|
|
Cert: ServerCert,
|
|
Key: ServerKey,
|
|
CACert: CACert,
|
|
}
|
|
|
|
ctlr := api.NewController(conf)
|
|
ctlr.Config.Storage.RootDirectory = t.TempDir()
|
|
cm := test.NewControllerManager(ctlr)
|
|
cm.StartAndWait(conf.HTTP.Port)
|
|
defer cm.StopServer()
|
|
|
|
Convey("Test with system certs", func() {
|
|
configPath := makeConfigFile(
|
|
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
|
|
BaseSecureURL3, constants.RoutePrefix, constants.ExtCatalogPrefix))
|
|
defer os.Remove(configPath)
|
|
|
|
args := []string{"list", "--config", "imagetest"}
|
|
imageCmd := NewImageCommand(new(searchService))
|
|
imageBuff := bytes.NewBufferString("")
|
|
imageCmd.SetOut(imageBuff)
|
|
imageCmd.SetErr(imageBuff)
|
|
imageCmd.SetArgs(args)
|
|
err := imageCmd.Execute()
|
|
So(err, ShouldNotBeNil)
|
|
So(imageBuff.String(), ShouldContainSubstring, "certificate signed by unknown authority")
|
|
})
|
|
})
|
|
}
|